Don’t miss out on our latest stories. Add PCMag as a preferred source on Google.
UPDATE 10/10: The hackers who compromised Discord are now sharing examples of what they say is stolen data, including selfies of Americans and Canadians holding up IDs.
Reporters at 404 Media joined a Telegram group where documents are being shared, including a spreadsheet with over 1,000 users’ email addresses, as well as their town, state, county, and country, partial phone numbers, whether a user has multi-factor authentication enabled, and when they last signed on to Discord.
Samples posted by the hackers include “selfies of people holding up their ID documents,” 404 says. “Some of these are images where the individual person is clearly visible; others are screenshots of larger folders containing thumbnails of the images.”
Discord has also confirmed that hackers accessed data by breaching a third-party service provider called 5CA, which the platform used to “support our customer service efforts.”
The hack underscores the arguments being made by age-verification critics. Pornhub’s parent company, for example, has blocked its sites in states with age-verification laws because it says people won’t want to upload their personal documents for fear that they might be breached in the future. Being exposed as a Discord user versus a Pornhub member is slightly different, but hackers don’t discriminate; they just want your details.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Pornhub parent Aylo sued over Texas’ law, but the Supreme Court upheld it. Age-verification supporters argue that the issue is keeping kids away from online porn, but there are efforts to crack down on porn completely, whether you’re an adult or not.
Original Story 10/9:
Last week, Discord confirmed that some of its users were impacted by a data breach after one of its third-party customer service providers was compromised. Hackers told Bleeping Computer that they stole the data of 5.5 million unique users, while online reports claim 2.1 million photos were exposed, but Discord now says the number is closer to 70,000.
Discord previously said a “small number” of government IDs were included in the breach. Now, the company has revealed that the number is approximately 70,000 users who had uploaded their IDs to Discord for the provider to “review age-related appeals.” Hackers did not access full credit card numbers or CCV codes, messages and activity on Discord beyond what users may have discussed with customer support, or passwords and authentication data, Discord says.
Recommended by Our Editors
“An unauthorized party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord,” it says. “No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents.”
Discord says it “proactively engaged with law enforcement to investigate this attack” and is contacting affected users. Emails will come from [email protected]; it recommends that “impacted users stay alert when receiving messages or other communication that may seem suspicious.”
Discord didn’t share which provider was compromised, saying only that it was “a third-party service we use to support our customer service efforts.” The hackers told Bleeping Computer they gained access for 58 hours on Sept. 20 through a compromised account of a support agent employed by an unnamed outsourced provider.
About Our Expert
Experience
I’ve been a journalist for over a decade after getting my start in tech reporting back in 2013. I joined PCMag in 2025, where I cover the latest developments across the tech sphere, writing about the gadgets and services you use every day. Be sure to send me any tips you think PCMag would be interested in.
Read Full Bio
